---
name: CI/CD Pipeline

# Triggers: pushes and pull requests that target the two long-lived branches.
# `pull_request` (as opposed to `pull_request_target`) runs fork PRs with a
# read-only token and without repository secrets.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. Scopes not listed here are set to none.
permissions:
  contents: read
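# NOTE(review): every `uses:` below references a mutable tag (@v4), and both
# service images are pulled by tag. Pinning actions to a full commit SHA and
# images to a digest keeps a re-tagged release from changing what runs here.
jobs:
  # Backend lint, format check and tests against Postgres and Redis service
  # containers.
  test:
    name: Test & Lint
    runs-on: ubuntu-latest
    env:
      # Throwaway credentials: they match the service container defined below
      # and must never be reused for a real database.
      DATABASE_URL: "postgresql://postgres:password@localhost:5432/widgetdc_test"
      REDIS_URL: "redis://localhost:6379"
    services:
      postgres:
        image: pgvector/pgvector:pg16
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: password
          POSTGRES_DB: widgetdc_test
        ports:
          # Quoted so no YAML parser can read the mapping as a number.
          - "5432:5432"
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:alpine
        ports:
          - "6379:6379"
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    permissions:
      contents: read
    strategy:
      matrix:
        node-version: ["20.x"]
      fail-fast: false
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step in this job pushes or fetches again, so do not leave the
          # token in .git/config for later steps to read.
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: "npm"
      - name: Install dependencies
        run: npm ci --legacy-peer-deps
      - name: Generate Prisma Client
        run: cd apps/backend && npx prisma generate
      # Lint and format failures are reported but do not fail the job.
      - name: Run linter
        continue-on-error: true
        run: npm run lint
      - name: Check formatting
        continue-on-error: true
        run: npm run format:check
      - name: Run tests
        run: npm run test:run
      - name: Report Test Failure
        if: failure()
        run: echo "::error::Tests failed on Node ${{ matrix.node-version }}"

  # Full application build on Node 20.x.
  build:
    name: Build
    runs-on: ubuntu-latest
    # NOTE(review): no `needs:` is declared, so this job already starts
    # independently of the others; always() additionally keeps it running
    # when the workflow is cancelled. Confirm that is intended.
    if: always()
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20.x"
          cache: "npm"
      - name: Install dependencies
        run: npm ci --legacy-peer-deps
      - name: Generate Prisma Client
        run: cd apps/backend && npx prisma generate
      - name: Build application
        run: npm run build
      - name: Report Build Failure
        if: failure()
        run: echo "::error::Build failed - check logs for details"

  # Frontend type check, lint and build.
  frontend-ci:
    name: Frontend CI (Lint + TypeCheck + Build)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20.x"
          cache: "npm"
      - name: Install dependencies
        run: npm ci --legacy-peer-deps
      - name: TypeCheck frontend
        run: npm run typecheck:frontend
      # Note: continue-on-error allows warnings while maintaining visibility.
      # Existing warnings are tracked; new lint errors will show in PR
      # annotations.
      - name: Lint frontend
        continue-on-error: true
        run: npm run lint:frontend
      - name: Build frontend
        run: npm run build:frontend
      - name: Report Frontend Build Failure
        if: failure()
        run: echo "::error::Frontend build failed"

  # Dependency audit; the JSON report is kept as a build artifact for 30 days.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    # NOTE(review): as on the build job, there is no `needs:` here, so
    # always() only changes behaviour on cancellation. Confirm intent.
    if: always()
    permissions:
      contents: read
      # NOTE(review): no step visible in this job uploads code-scanning
      # results; drop security-events: write unless one is added.
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      # continue-on-error replaces the former `|| true`: a non-zero exit
      # (findings at moderate severity or above) is now recorded on the step
      # instead of being discarded by the shell, and the job still continues.
      - name: Run npm audit
        continue-on-error: true
        run: npm audit --audit-level=moderate --legacy-peer-deps
      # This step writes the report; the upload happens in the next step.
      # `|| true` stays because npm audit exits non-zero when it has findings,
      # which is exactly when the report is wanted.
      - name: Generate audit report (JSON)
        if: always()
        run: npm audit --json --legacy-peer-deps > audit-results.json || true
      - name: Upload audit artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-audit
          path: audit-results.json
          retention-days: 30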